This dumb password rule is from NVV (Nordhessische VerkehrsVerbund).

Password length must be 4 to 10 characters with only a few special characters allowed.

https://dumbpasswordrules.com/sites/nvv-nordhessische-verkehrsverbund/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

I can’t believe with Mastodon being as techie as it is, that I am one of the only people warning about this new bill in #Canada 🇨🇦
#tech #cdnpoli #privacy #cybersecurity

https://reclaimthenet.org/cybersecurity-experts-demand-canada-scrap-bill-c-22-backdoor

hey so. looking for a job (NZ or fully remote willing to hire a kiwi) in SRE, security, or linux/Unix system administration. 15 years experience administering Linux and Unix boxes, intermediate level of experience working with docker compose and containerisation and container security. No prior job experience unfortunately, all those 15 years were mostly personal projects and small-scale stuff for friends. I'm also 26, so I started when I was 11, explaining the no jobs so far. Currently running an entire multi-machine personal cloud infrastructure with a demonstration of all the services I have running at https://status.highenergymagic.net. Three machines, 72 docker containers. One running most of them, one running Mastodon+glitchsocial, one running the uptime monitor. encrypted root on ZFS, alpine linux, gVisor on supported containers, plan to move to Kata. Entirely willing to accept entry-level job placements, no expectation of being paid a lot or anything, just want to be doing something and move the needle a little on my current "being broke" status. Currently using gVisor, docker compose, and kata containers in production, experience with Linux, docker, Net/Open/FreeBSD, Cisco IOS, Juniper Junos, Mikrotik and UniFi, configuring and administering Asterisk, plus extensive experience with IBM AIX and Sun Solaris. #fedihired #infosec #cybersecurity #linux #unix #docker #sre #DevOps #GetFediHired

Please boost for reach, any job offers please DM me.

Read "Schneier on Security":
https://www.schneier.com/
#cybersecurity #cybercrime #privacy #NoPrivacy #encryption #AI #malware #hacking #ransomware #surveillance

This dumb password rule is from PagoMisCuentas.

Password must be between 8 and 15 alphanumeric characters, and have
at least one uppercase and one lowercase letter.

https://dumbpasswordrules.com/sites/pagomiscuentas/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Banca Intesa Serbia.

Online banking portal of Banca Intesa Serbia has some password restrictions.
This is the translation of the requirements:

No special characters, minimum number of characters is 8, maximum number of
characters is 22, minimum number of upper case letters is 1, lower case also 1,
numeric characters...

https://dumbpasswordrules.com/sites/banca-intesa-serbia/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Very good listen, if also disturbing, of “To Catch A Thief” with Nicole Perlroth talking with Anthropic’s Nicholas Carlini about Mythos’s Zero Day machine and the dangers of zero day exploits becoming far more accessible.
If you haven’t read Perlroth’s book, “This Is How They Tell Me the World Ends,” I highly recommend it.
https://podcasts.apple.com/us/podcast/to-catch-a-thief-chinas-rise-to-cyber-supremacy/id1798267956
#cybersecurity #tech #ai

This dumb password rule is from Mobility.

The username is the customer number, which is sequential and cannot be changed, currently 7 digits long for new customers.
The password has to be exactly 6 digits long, only numbers allowed.

https://dumbpasswordrules.com/sites/mobility/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Wageworks.

In addition to the following rules regarding passwords...
- 8-20 characters in length
- Include at least 4 of the following: lowercase letter, uppercase letter, number AND symbol
- Not include your last name, first name or space

Your new password should be different from your previous twenty pas...

https://dumbpasswordrules.com/sites/wageworks/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from CloverSecurity.

* Password restricts quantity of characters "of same case", making [correcthorsebatterystaple](https://xkcd.com/936/)-style passwords problematic
* No feedback for which rules are broken
* Unlisted prohibited characters

https://dumbpasswordrules.com/sites/cloversecurity/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Rediff.

A maximum password length of 12. The hidden requirements are:
- at least 1 uppercase letter
- at least 1 lowercase letter
- at least 1 numeric character
- at least 1 special symbol (which can not be ^, %)

https://dumbpasswordrules.com/sites/rediff/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Zurich.

Password must be EXACTLY 8 characters long.

Alpha numeric characters ONLY.

The first character must be alphabetic.

NO spaces.

The new Password cannot be the same as the last 32 passwords you have used. (they actually store your last 32 passwords)

https://dumbpasswordrules.com/sites/zurich/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

🆕 blog! “Responsible Disclosure: Chimoney Android App and KYCaid”

Chimoney is a new "multi-currency wallet" provider. Based out of Canada, it allows users to send money to and from a variety of currencies. It also supports the new Interledger protocol for WebMonetization.

But it has a security flaw which cannot be ignored.

👀 Read more: https://shkspr.mobi/blog/2026/01/responsible-disclosure-chimoney-android-app-and-kycaid/
⸻
#android #CyberSecurity #ResponsibleDisclosure #security #WebMonetization

This dumb password rule is from Really Useful Storage Boxes.

- Have a length between 8 and 20 alphanumeric characters (without accents)
- Contain at least 1 CAPITAL letter
- Contain at least 1 lowercase letter
- Contain at least 1 numeric character
- Contain at least 1 special character taken from the following list: *$@&()[]{}=#.-!?+/£€%

https://dumbpasswordrules.com/sites/really-useful-storage-boxes/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

They: "On a scale from 1 to 10: How lazy are you?"

Me: Using the copy fail exploit instead of sudo to avoid having to type my password

#copyfail #linux #cybersecurity

Thinking about two-part cryptography tokens got me sad - Alexa, play...

Dos PASETO #infosec #cybersecurity

This dumb password rule is from Easybank (Austrian direct bank).

- At least 8 and at most 16 (!) characters
- **Must start with 5 digits (do we really want to know what's going on there?)**
- At least one uppercase and one lowercase letter
- (Some) special characters are permitted, most are not
- "Simple" patterns are prohibited
- PINs are case sensitive (at l...

https://dumbpasswordrules.com/sites/easybank-austrian-direct-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Turkish Airlines.

- Your password must consist of 6 digits
- Make sure that your password does not contain your date of birth or three consecutive digits...
- but two is OK, for sure.
- ... and that the same number is not repeated three or more times.
- but two times is probs OK

https://dumbpasswordrules.com/sites/turkish-airlines/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Vancity Credit Union.

Personal Access Code (or PAC–they are too ashamed to call it a password), must be between 5 to 8 digits and cannot start with '0'. (no letters or symbols)

https://dumbpasswordrules.com/sites/vancity-credit-union/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Best Buy.

You can enter whatever password you like! But you probably don't want to
make it too long, because you'll break us and you'll never be able to
login again.

https://dumbpasswordrules.com/sites/best-buy/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from IBM.

12-63 characters
One uppercase character
One lowercase character
One number
Sufficiently Strong
Special characters are optional.
Double byte characters are not allowed

https://dumbpasswordrules.com/sites/ibm/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from EllieMae Access.

Must reset password every 6 months and password requirements are not displayed _anywhere_.
Reset uses a Security Question, and you have to choose from a list of 5.

https://dumbpasswordrules.com/sites/elliemae-access/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from A1.net.

- At least 8 and at most 16 characters
- At least 1 digit
- At least 1 uppercase letter

The password must not contain your first name, surname or username.
The allowed special characters are: ! @ # % ^ & * _.

https://dumbpasswordrules.com/sites/a1-net/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Friends, I wrote a book. It's now out in its fourth edition.

More in "The Book of PF, 4th Edition: It's Here, It's Real" https://nxdomain.no/~peter/its_real_its_here.html

For background, "Yes, The Book of PF, 4th Edition Is Coming Soon" https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html

Get the book: https://nostarch.com/book-of-pf-4e

@nostarch #bookofpf #pf #networking #openbsd #freebsd #networktrickery #cybersecurity

This dumb password rule is from Sephora.

Password must be between 6 and 12 characters. No other rules
specified.

https://dumbpasswordrules.com/sites/sephora/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Entwickler.de.

Your password must be 12-20 characters.

https://dumbpasswordrules.com/sites/entwickler-de/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from University of Western Australia (Pheme).

Passwords:
1. Must contain at least 8 characters;
2. Must contain at least 3 out of 4 types of characters
(uppercase letters, lowercase letters, digits, special characters);
and
3. Must not contain
"the user's account name or parts of the user's full name
that exceed two consecutive characters".
...

https://dumbpasswordrules.com/sites/university-of-western-australia-pheme/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from ASN Bank.

Your password needs to be between 8 and 20 characters long - at least 1 number, 1 lower case letter, 1 upper case letter, 1 special character.

https://dumbpasswordrules.com/sites/asn-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Testprep Training.

The max password size is 20 characters

https://dumbpasswordrules.com/sites/testprep-training/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from ME Bank.

- Must be all numerals.
- Be 7 to 20 digits.
- Cannot have the same number three times in a row.
- Cannot have four ascending or descending numbers.
- Cannot have the same number appear more than five times.
- Cannot have pairs next to each other if the second pair is one number higher.
- Cannot ...

https://dumbpasswordrules.com/sites/me-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Williams-Sonoma.

25 maximum characters and disallowing some specials.

https://dumbpasswordrules.com/sites/williams-sonoma/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from El Corte Ingles.

Min 6 and max 8 characters for password! Can't contain anything
different than letters and numbers. Apart, the email address must have
at least 8 characters (sorry million dollar domain owners! :D)

https://dumbpasswordrules.com/sites/el-corte-ingles/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

The less a government has to prosecute you with, the better.

*Edited.

@gazaverified@mastodon.ar.al @casey@kafeneio.social @rania40@mastodon.social @saja@mstdn.social @sharifgaza@mastodon.social @aral@mastodon.ar.al

#gaza #palestine #gazaverified #mastodon #fediverse #newmembers #verification, #cybersecurity, #opsec, #privacy.

@Saorsa @gazaverified @casey @rania40 @saja @sharifgaza All those accounts are public and Israel already has fine grained surveillance data spanning decades on every Palestinian.

This is a means for people who are using the fediverse as one of their last lifelines to get support from the outside world without being dismissed as fake/scammers.

#gaza #palestine #gazaverified #mastodon #fediverse #newmembers #verification, #cybersecurity, #opsec, #privacy.

Please consider keeping sensitive information such as this behind a portal. Oauth can be used to allow verified users to authenticate through their fediverse account for access.

As things currently stand, the resource you've created with good intentions is currently fair game for Mossad to use in profiling.

#gaza #palestine #gazaverified #mastodon #fediverse #newmembers #verification, #cybersecurity, #opsec, #privacy.

*Edited.

@gazaverified@mastodon.ar.al @casey@kafeneio.social @rania40@mastodon.social @saja@mstdn.social @sharifgaza@mastodon.social @aral@mastodon.ar.al

This dumb password rule is from Epic Games.

You must:
- Not use any of your last 5 passwords
- Use at least 7 characters
- Use at least 1 letter
- Use at least 1 number
- Not use spaces

Max password length's 256 characters.

https://dumbpasswordrules.com/sites/epic-games/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

#Bitwarden CLI 2026.4.0 compromised in a supply chain attack.

https://socket.dev/blog/bitwarden-cli-compromised

Looks like the window was incredibly small and the impact minimal. A CVE is still being issued.

https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127

> "The issue affected the npm distribution mechanism for the CLI during that limited window, not the integrity of the legitimate Bitwarden CLI codebase or stored vault data."

No need to panic, but I have a feeling we'll see a lot more of this. Recall XZ and SSH?

#security #cybersecurity

Looks like UK Biobank are going for the "Data Breach of the Year Award".

A strong contender, I think.

https://www.bbc.co.uk/news/articles/cpvxgl3n138o

#UKBiobank #CyberSecurity #DataBreach

Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked normal.

In its security bulletin, Adobe acknowledges that the vulnerability tracked as CVE-2026-34621, is being exploited in the wild.

https://helpx.adobe.com/security/products/acrobat/apsb26-43.html

https://www.cve.org/CVERecord?id=CVE-2026-34621

#adobe #adobereader #pdf #cybersecurity #tech